[***] Summary: [***]
11 new OPEN, 49 new PRO (11 + 38). DTLoader, Cobalt Strike, Win32/Ymacco.AAFF, Various Phishing, Suri5 Updates.
Thanks: @James_inthe_box
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031119 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2031120 - ET INFO Improperly Spaced Accept Header in User-Agent
(info.rules)
2031121 - ET EXPLOIT InoERP 0.7.2 Unauthenticated Remote Code Execution
(Outbound) (exploit.rules)
2031122 - ET EXPLOIT InoERP 0.7.2 Unauthenticated Remote Code Execution
(Inbound) (exploit.rules)
2031123 - ET INFO Suspicious PHP Code in HTTP POST (Outbound) (info.rules)
2031124 - ET INFO Suspicious PHP Code in HTTP POST (Inbound) (info.rules)
2031125 - ET INFO Suspicious PHP Code in HTTP POST (Outbound) (info.rules)
2031126 - ET INFO Suspicious PHP Code in HTTP POST (Inbound) (info.rules)
2031127 - ET TROJAN DTLoader Binary Request (trojan.rules)
2031128 - ET TROJAN DTLoader Encoded Binary - Server Response
(trojan.rules)
2031129 - ET TROJAN DTLoader Domain (ahgwqrq .xyz in TLS SNI)
(trojan.rules)
Pro:
2845167 - ETPRO POLICY External IP Address Lookup Domain SSL Cert
(geodatatool .com) (policy.rules)
2845168 - ETPRO TROJAN Cobalt Strike Malleable C2 (JQuery Profile) M3
(trojan.rules)
2845169 - ETPRO TROJAN Observed Malicious SSL Cert (Power Spy Keylogger)
(trojan.rules)
2845170 - ETPRO TROJAN Observed Malicious SSL Cert (Power Spy Keylogger)
(trojan.rules)
2845171 - ETPRO CURRENT_EVENTS Successful Venmo Phish 2020-10-27
(current_events.rules)
2845172 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-10-27 (current_events.rules)
2845173 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-10-27
(current_events.rules)
2845174 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2020-10-27
(current_events.rules)
2845175 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-10-27 (current_events.rules)
2845176 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-10-27 (current_events.rules)
2845177 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-10-27
(current_events.rules)
2845178 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-10-27
(current_events.rules)
2845179 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2020-10-27
(current_events.rules)
2845180 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
2845181 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2845182 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-10-27 (current_events.rules)
2845183 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-10-27
(current_events.rules)
2845184 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-10-27
(current_events.rules)
2845185 - ETPRO CURRENT_EVENTS Successful Tangerine Phish 2020-10-27
(current_events.rules)
2845186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 1) (trojan.rules)
2845187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 2) (trojan.rules)
2845188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 3) (trojan.rules)
2845189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 4) (trojan.rules)
2845190 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 5) (trojan.rules)
2845191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 6) (trojan.rules)
2845192 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 7) (trojan.rules)
2845193 - ETPRO TROJAN TeamViewer Dropper Checkin (trojan.rules)
2845194 - ETPRO TROJAN Win32/Remcos RAT Checkin 579 (trojan.rules)
2845195 - ETPRO TROJAN Win32/Remcos RAT Checkin 580 (trojan.rules)
2845196 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2845197 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (3980a)
(web_client.rules)
2845198 - ETPRO INFO Unusually Long freeddns DynDNS Domain (info.rules)
2845199 - ETPRO INFO Unusually Long mywire DynDNS Domain (info.rules)
2845200 - ETPRO MALWARE Win32/Ymacco.AAFF Activity (client IP check)
(malware.rules)
2845201 - ETPRO MALWARE Win32/Ymacco.AAFF Activity (server IP retrieval)
(malware.rules)
2845202 - ETPRO MALWARE Win32/Ymacco.AAFF Activity (configuration
retrieval) (malware.rules)
2845203 - ETPRO MALWARE Win32/Ymacco.AAFF Activity (version check)
(malware.rules)
2844060 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Recursive_Wallets/) M2 (info.rules)
[///] Modified active rules: [///]
2009363 - ET WEB_SERVER Suspicious Chmod Usage in URI (Inbound)
(web_server.rules)
2018403 - ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe
(trojan.rules)
2027941 - ET POLICY DNS Query to a Reverse Proxy Service Observed
(policy.rules)
2028991 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2029101 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2029176 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2029189 - ET TROJAN OilRig APT PowDesk Powershell Check (trojan.rules)
2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller
Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)
2029207 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection
Inbound (CVE-2019-7256) (exploit.rules)
2029208 - ET SCAN Dark Nexus IoT Variant User-Agent (Inbound) (scan.rules)
2029209 - ET TROJAN Dark Nexus IoT Variant User-Agent (Outbound)
(trojan.rules)
2029213 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection
Outbound (CVE-2019-7256) (exploit.rules)
2029215 - ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command
Execution Outbound (exploit.rules)
2029216 - ET INFO Suspicious Chmod Usage in URI (Outbound) (info.rules)
2029220 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2029223 - ET TROJAN Legion Loader Activity Observed (carlos_castaneda)
(trojan.rules)
2029224 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2029226 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029227 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2029229 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029230 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)
2029238 - ET TROJAN Legion Loader Activity Observed (trojan.rules)
2029239 - ET TROJAN DonotGroup Staging Domain Observed in DNS Query
(trojan.rules)
2029253 - ET TROJAN [401TRG] PS/PowDesk Checkin (APT34) (trojan.rules)
2029254 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)
2029257 - ET INFO Observed Lets Encrypt Certificate for Suspicious TLD
(.top) (info.rules)
2029258 - ET POLICY GG Url Shortener Observed in DNS Query (policy.rules)
2029268 - ET WEB_CLIENT Observed DNS Query to Malicious Cookie Monster
Roulette JS Cookie Stealer Exfil Domain (web_client.rules)
2029279 - ET TROJAN Win32/Emotet CnC Activity (POST) M7 (trojan.rules)
2029281 - ET TROJAN SMS-Bomber Activity (trojan.rules)
2029289 - ET TROJAN Group 21 CnC Domain Observed in DNS Query
(trojan.rules)
2029297 - ET TROJAN MageCart CnC Domain Observed in DNS Query
(trojan.rules)
2029302 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029303 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2029305 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029307 - ET TROJAN Observed Malicious SSL Cert (ELF/Rekoobe CnC)
(trojan.rules)
2029308 - ET POLICY Website Hosting Service Observed in DNS Query
(policy.rules)
2029309 - ET TROJAN ELF/Rekoobe CnC Observed in DNS Query (trojan.rules)
2029310 - ET TROJAN Gamaredon CnC Observed in DNS Query (trojan.rules)
2029311 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2029312 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2029313 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2029314 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2029315 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2029316 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2029322 - ET POLICY Telegram API Certificate Observed (policy.rules)
2029323 - ET TROJAN Possible Generic RAT over Telegram API (trojan.rules)
2029325 - ET TROJAN Observed Unk.PowerShell Loader CnC Domain in TLS SNI
(trojan.rules)
2029327 - ET TROJAN Diezen/Sakabota CnC Domain Observed in DNS Query
(trojan.rules)
2029656 - ET CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M2 (current_events.rules)
2029684 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-27 (current_events.rules)
2031074 - ET TROJAN Win32/Ficker Stealer Activity (trojan.rules)
2823399 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M4 (current_events.rules)
2837353 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 15 (trojan.rules)
2838234 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-08-29 (current_events.rules)
2839331 - ETPRO INFO Suspicious User-Agent containing Loader Observed
(info.rules)
2839927 - ETPRO TROJAN Banload Variant Checkin (trojan.rules)
2840149 - ETPRO TROJAN Win32/Namoo CnC Activity (trojan.rules)
2840150 - ETPRO TROJAN Possible Win32/Namoo CnC Activity Response
(trojan.rules)
2840151 - ETPRO TROJAN Win32/Unk.Spambot (trojan.rules)
2840152 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-30
(current_events.rules)
2840153 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-12-30
(current_events.rules)
2840154 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-12-30 (current_events.rules)
2840155 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-12-30 (current_events.rules)
2840156 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-12-30 (current_events.rules)
2840157 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2019-12-30 (current_events.rules)
2840158 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-12-30
(current_events.rules)
2840159 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-30
(current_events.rules)
2840160 - ETPRO TROJAN Shasaizi CnC Host Checkin (trojan.rules)
2840161 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-30 (current_events.rules)
2840170 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish
2019-12-31 (current_events.rules)
2840171 - ETPRO CURRENT_EVENTS Successful Banorte Bank Phish 2019-12-31
(current_events.rules)
2840172 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-31
(current_events.rules)
2840173 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-31
(current_events.rules)
2840174 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-31
(current_events.rules)
2840175 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
2840176 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-31
(current_events.rules)
2840177 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
2840178 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
2840179 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
2840180 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-12-31
(current_events.rules)
2840181 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-31 (current_events.rules)
2840182 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-12-31
(current_events.rules)
2840183 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-31
(current_events.rules)
2840184 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-31 (current_events.rules)
2840185 - ETPRO CURRENT_EVENTS Successful Facebook FR Phish 2019-12-31
(current_events.rules)
2840186 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-12-31
(current_events.rules)
2840187 - ETPRO CURRENT_EVENTS Successful Hinet Phish 2019-12-31
(current_events.rules)
2840188 - ETPRO CURRENT_EVENTS Successful Sprint Identityguard Phish
2019-12-31 (current_events.rules)
2840195 - ETPRO TROJAN Attackbot CnC Activity (trojan.rules)
2840196 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-02 (current_events.rules)
2840197 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-02 (current_events.rules)
2840198 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-02 (current_events.rules)
2840200 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-01-02
(current_events.rules)
2840201 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-01-02
(current_events.rules)
2840202 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-02
(current_events.rules)
2840203 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-02
(current_events.rules)
2840204 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-02
(current_events.rules)
2840205 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-02
(current_events.rules)
2840206 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-02
(current_events.rules)
2840207 - ETPRO CURRENT_EVENTS Successful VBV Phish 2020-01-02
(current_events.rules)
2840208 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-02
(current_events.rules)
2840209 - ETPRO CURRENT_EVENTS Successful Garanti Bank Phish 2020-01-02
(current_events.rules)
2840210 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-01-02
(current_events.rules)
2840211 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-02 (current_events.rules)
2840213 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02
(current_events.rules)
2840214 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02
(current_events.rules)
2840215 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2020-01-02
(current_events.rules)
2840216 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish
2020-01-02 (current_events.rules)
2840217 - ETPRO TROJAN Win32/Zpevdo.A CnC Host Checkin (trojan.rules)
2840218 - ETPRO TROJAN Win32/Likseput.B CnC Activity (trojan.rules)
2840232 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d App List
Exfil (mobile_malware.rules)
2840242 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03
(current_events.rules)
2840243 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03
(current_events.rules)
2840244 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03
(current_events.rules)
2840245 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2020-01-03
(current_events.rules)
2840246 - ETPRO CURRENT_EVENTS Successful Vakifbank Phish 2020-01-03
(current_events.rules)
2840247 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-03
(current_events.rules)
2840248 - ETPRO CURRENT_EVENTS Successful Generic Multibank Phish
2020-01-03 (current_events.rules)
2840249 - ETPRO CURRENT_EVENTS Successful Associated Bank Phish
2020-01-03 (current_events.rules)
2840251 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-03 (current_events.rules)
2840252 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-03
(current_events.rules)
2840253 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-03
(current_events.rules)
2840254 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-01-03
(current_events.rules)
2840255 - ETPRO TROJAN Nanobot.px CnC Log Reporting (trojan.rules)
2840256 - ETPRO TROJAN MSIL/GenKryptik.DZXQ CnC Activity (trojan.rules)
2840260 - ETPRO CURRENT_EVENTS Successful Minha BV Bank Phish 2020-01-06
(current_events.rules)
2840264 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-06
(current_events.rules)
2840266 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-06 (current_events.rules)
2840267 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-06
(current_events.rules)
2840268 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-01-06
(current_events.rules)
2840269 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish
2020-01-06 (current_events.rules)
2840270 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M3
(trojan.rules)
2840272 - ETPRO TROJAN Win32/Zpevdo.A CnC Host Checkin (trojan.rules)
2840273 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2020-01-06
(current_events.rules)
2840274 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC
Checkin (trojan.rules)
2840275 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2840276 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2840298 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2020-01-07 (current_events.rules)
2840299 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-07 (current_events.rules)
2840300 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-07 (current_events.rules)
2840301 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-07 (current_events.rules)
2840302 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-07
(current_events.rules)
2840303 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-07
(current_events.rules)
2840304 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-07 (current_events.rules)
2840305 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-07 (current_events.rules)
2840306 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-07 (current_events.rules)
2840307 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-07
(current_events.rules)
2840319 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-01-08
(current_events.rules)
2840320 - ETPRO CURRENT_EVENTS Successful AOL Phish 2020-01-08
(current_events.rules)
2840321 - ETPRO CURRENT_EVENTS Successful Agibank Phish 2020-01-08
(current_events.rules)
2840322 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-01-08
(current_events.rules)
2840323 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-01-08
(current_events.rules)
2840324 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-01-08
(current_events.rules)
2840325 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish
2020-01-08 (current_events.rules)
2840326 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-01-08
(current_events.rules)
2840327 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-08 (current_events.rules)
2840328 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
2840329 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2840336 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish
2020-01-09 (current_events.rules)
2840337 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish
2020-01-09 (current_events.rules)
2840338 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-01-09
(current_events.rules)
2840339 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-01-09
(current_events.rules)
2840340 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-09
(current_events.rules)
2840342 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-09
(current_events.rules)
2840343 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-01-09
(current_events.rules)
2840344 - ETPRO CURRENT_EVENTS Successful Latam Airlines Phish 2020-01-09
(current_events.rules)
2840345 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2020-01-09 (current_events.rules)
2840346 - ETPRO CURRENT_EVENTS Successful BCP Phish 2020-01-09
(current_events.rules)
2840347 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-09
(current_events.rules)
2840348 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-01-09
(current_events.rules)
2840349 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-01-09
(current_events.rules)
2840350 - ETPRO MALWARE W32/Kuping Installation (malware.rules)
2840351 - ETPRO MALWARE W32/Kuping Commands (malware.rules)
2840352 - ETPRO TROJAN Win32/Buptenda.A Variant CnC Checkin (trojan.rules)
2840365 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-01-10
(current_events.rules)
2840368 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-01-10
(current_events.rules)
2840369 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2020-01-10
(current_events.rules)
2840370 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-10 (current_events.rules)
2840372 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2020-01-10 (current_events.rules)
2840373 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2020-01-10
(current_events.rules)
2840374 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-01-10
(current_events.rules)
2840375 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2020-01-10
(current_events.rules)
2840376 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-10
(current_events.rules)
2840378 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-10 (current_events.rules)
2840379 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-10 (current_events.rules)
2840380 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
2840381 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840382 - ETPRO TROJAN Win32/QQWare Variant Checkin (trojan.rules)
2840383 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2840384 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2840394 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-13
(current_events.rules)
2840395 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-01-13
(current_events.rules)
2840396 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-13
(current_events.rules)
2840397 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-01-13
(current_events.rules)
2840398 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-13 (current_events.rules)
2840399 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-01-13
(current_events.rules)
2840400 - ETPRO CURRENT_EVENTS Successful Generic Email Deactivation
Phish 2020-01-13 (current_events.rules)
2840401 - ETPRO CURRENT_EVENTS Successful Maersk Shipping Documents Phish
2020-01-13 (current_events.rules)
2840402 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2020-01-13
(current_events.rules)
2840403 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-13
(current_events.rules)
2840407 - ETPRO TROJAN Observed Malicious SSL Cert (PredatorTheThief CnC)
(trojan.rules)
2840408 - ETPRO POLICY Observed SSL Cert (Pastecode) (policy.rules)
2840410 - ETPRO TROJAN Observed Malicious SSL Cert (CQueStealer CnC)
(trojan.rules)
2840411 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2840420 - ETPRO TROJAN Icefrog/Temp.Trident Domain Observed (trojan.rules)
2840425 - ETPRO CURRENT_EVENTS Successful Cpanel Update Password Phish
2020-01-14 (current_events.rules)
2840427 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-14 (current_events.rules)
2840428 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-14 (current_events.rules)
2840429 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-14 (current_events.rules)
2840430 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-14 (current_events.rules)
2840431 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-14 (current_events.rules)
2840432 - ETPRO TROJAN Observed Malicious SSL Cert (Phishing)
(trojan.rules)
2840439 - ETPRO TROJAN VBS/CageyChameleon CnC Beacon (trojan.rules)
2840442 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish
2020-01-15 (current_events.rules)
2840443 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-15
(current_events.rules)
2840444 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
2840445 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
2840446 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
2840447 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-15
(current_events.rules)
2840448 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-15
(current_events.rules)
2840450 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2020-01-15
(current_events.rules)
2840451 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-15
(current_events.rules)
2840452 - ETPRO CURRENT_EVENTS Successful Optimum Phish 2020-01-15
(current_events.rules)
2840453 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-01-15
(current_events.rules)
2840454 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-15
(current_events.rules)
2840456 - ETPRO TROJAN Observed Malicious SSL Cert (Malhost)
(trojan.rules)
2840461 - ETPRO TROJAN Observed DNS Query to Malicious Unrecom CnC Domain
(trojan.rules)
2840464 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-16
(current_events.rules)
2840465 - ETPRO CURRENT_EVENTS Successful SunTrust Bank Phish 2020-01-16
(current_events.rules)
2840466 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-16
(current_events.rules)
2840467 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
2840468 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840469 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-01-16
(current_events.rules)
2840470 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish
2020-01-16 (current_events.rules)
2840471 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-16 (current_events.rules)
2840473 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish
2020-01-16 (current_events.rules)
2840474 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-16 (current_events.rules)
2840475 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
2840476 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840489 - ETPRO TROJAN CageyChameleon ZIP Download Request M1
(trojan.rules)
2840490 - ETPRO TROJAN CageyChameleon ZIP Download Request M2
(trojan.rules)
2840493 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-17
(current_events.rules)
2840494 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17
(current_events.rules)
2840495 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17
(current_events.rules)
2840496 - ETPRO CURRENT_EVENTS Successful Credit Mutuel FR Phish
2020-01-17 (current_events.rules)
2840497 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2020-01-17
(current_events.rules)
2840498 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17
(current_events.rules)
2840499 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17
(current_events.rules)
2840500 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-17 (current_events.rules)
2840501 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-17 (current_events.rules)
2840509 - ETPRO POLICY Possible Canary Token Service Domain Observed in
DNS Query (policy.rules)
2840511 - ETPRO TROJAN Observed Malicious SSL Cert (Unk CnC)
(trojan.rules)
2840512 - ETPRO TROJAN Observed Malicious SSL Cert (Unk/Xenon CnC)
(trojan.rules)
2840513 - ETPRO POLICY Observed Suspicious SSL Cert (NordVPN Domain
Fronting) (policy.rules)
2840521 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-21
(current_events.rules)
2840522 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2020-01-21
(current_events.rules)
2840523 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21
(current_events.rules)
2840524 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21
(current_events.rules)
2840525 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21
(current_events.rules)
2840526 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-21
(current_events.rules)
2840527 - ETPRO CURRENT_EVENTS Successful OurTime Phish 2020-01-21
(current_events.rules)
2840528 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21
(current_events.rules)
2840529 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-21 (current_events.rules)
2840530 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2020-01-21
(current_events.rules)
2840531 - ETPRO CURRENT_EVENTS Successful Banco Original Phish 2020-01-21
(current_events.rules)
2840532 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-21
(current_events.rules)
2840533 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-21
(current_events.rules)
2840534 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-01-21 (current_events.rules)
2840535 - ETPRO CURRENT_EVENTS Successful Generic Form Phish 2020-01-21
(current_events.rules)
2840536 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2020-01-21 (current_events.rules)
2840537 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-21
(current_events.rules)
2840538 - ETPRO CURRENT_EVENTS Successful Microsoft Update Your Account
Phish 2020-01-21 (current_events.rules)
2840539 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-21
(current_events.rules)
2840540 - ETPRO TROJAN Win32/Agent.AAPH Variant CnC (trojan.rules)
2840541 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-01-21 (current_events.rules)
2840542 - ETPRO TROJAN Observed Malicious SSL Cert (BoA Phish)
(trojan.rules)
2840556 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
2840557 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840558 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-22
(current_events.rules)
2840560 - ETPRO CURRENT_EVENTS Successful VK Phish 2020-01-22
(current_events.rules)
2840561 - ETPRO CURRENT_EVENTS Successful Sando Bank Phish 2020-01-22
(current_events.rules)
2840562 - ETPRO CURRENT_EVENTS Successful Spectrum Webmail Phish
2020-01-22 (current_events.rules)
2840563 - ETPRO TROJAN Muddywater Payload CnC Checkin (trojan.rules)
2840564 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-22
(current_events.rules)
2840565 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-22
(current_events.rules)
2840566 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-22 (current_events.rules)
2840567 - ETPRO CURRENT_EVENTS Successful Sprint Phish 2020-01-22 (current_events.rules)
2840568 - ETPRO CURRENT_EVENTS Successful Rackspace Phish 2020-01-22 (current_events.rules)
2840569 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-22 (current_events.rules)
2840570 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-22 (current_events.rules)
2840571 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2020-01-22 (current_events.rules)
2840572 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-01-22 (current_events.rules)
2840573 - ETPRO CURRENT_EVENTS Successful ADCB Phish 2020-01-22 (current_events.rules)
2840574 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-22 (current_events.rules)
2840575 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2020-01-22 (current_events.rules)
2840576 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-01-22 (current_events.rules)
2840577 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-22 (current_events.rules)
2840578 - ETPRO CURRENT_EVENTS Successful Mobile DE Phish 2020-01-22 (current_events.rules)
2840579 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-22 (current_events.rules)
2840584 - ETPRO TROJAN Observed Malicious SSL Cert (APT32/OceanLotus CnC) (trojan.rules)
2840585 - ETPRO TROJAN DiamondFox CnC Checkin Variant (trojan.rules)
2840595 - ETPRO TROJAN Win32/Inject.NJJ Variant Host Checkin (trojan.rules)
2840596 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-01-23 (current_events.rules)
2840597 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
2840598 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2020-01-23 (current_events.rules)
2840599 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-01-23 (current_events.rules)
2840600 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-23 (current_events.rules)
2840601 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-23 (current_events.rules)
2840602 - ETPRO TROJAN Win32/F1L3F0lD Variant Host Checkin (trojan.rules)
2840603 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
2840604 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-23 (current_events.rules)
2840605 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-01-23 (current_events.rules)
2840606 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-01-23 (current_events.rules)
2840607 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-23 (current_events.rules)
2840609 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-23 (current_events.rules)
2840627 - ETPRO TROJAN Possible TA402 DNS Lookup (Payload Staging) (trojan.rules)
2840630 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-24 (current_events.rules)
2840631 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-24 (current_events.rules)
2840632 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
2840633 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
2840634 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-24 (current_events.rules)
2840635 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-01-24 (current_events.rules)
2840636 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-01-24 (current_events.rules)
2840637 - ETPRO CURRENT_EVENTS Successful Spark NZ Phish 2020-01-24 (current_events.rules)
2840638 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
2840639 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
2840640 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24 (current_events.rules)
2840641 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-01-24 (current_events.rules)
2840642 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-24 (current_events.rules)
2840643 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-24 (current_events.rules)
2840644 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-24 (current_events.rules)
2840645 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
2840646 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
2840648 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
2840649 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
2840650 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-24 (current_events.rules)
2840651 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840652 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840668 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840669 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840670 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840671 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840673 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-01-27 (current_events.rules)
2840674 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-01-27 (current_events.rules)
2840675 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-01-27 (current_events.rules)
2840676 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-01-27 (current_events.rules)
2840677 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-01-27 (current_events.rules)
2840678 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-27 (current_events.rules)
2840680 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2020-01-27 (current_events.rules)
2840681 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-01-27 (current_events.rules)
2840682 - ETPRO CURRENT_EVENTS Successful Gov UK Identity Verification Phish 2020-01-27 (current_events.rules)
2840683 - ETPRO CURRENT_EVENTS Successful Casas Bahia Phish 2020-01-27 (current_events.rules)
2840684 - ETPRO TROJAN HttpRat Host Checkin (trojan.rules)
2840685 - ETPRO POLICY Observed SSL Cert (ipecho IP Check) (policy.rules)
2840686 - ETPRO MALWARE Observed Malicious SSL Cert (Bspro Ads) (malware.rules)
2840687 - ETPRO TROJAN Observed Malicious SSL Cert (Wizzcaster) (trojan.rules)
2840718 - ETPRO TROJAN Win32/Spatet.I Host Checkin (trojan.rules)
2840719 - ETPRO TROJAN Slimrat CnC Activity (trojan.rules)
2840741 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (0df9c) (web_client.rules)
2840747 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (7d75f) (web_client.rules)
2840749 - ETPRO POLICY SSL/TLS Certificate Observed for Paste Site (Rentry.co) (policy.rules)
2840754 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M7 (current_events.rules)
2840782 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2840808 - ETPRO TROJAN SoranoBot/F-AV CnC Host Checkin (trojan.rules)
2844025 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (8d7a4) (web_client.rules)
[---] Disabled and modified rules: [---]
2845069 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-10-21 (current_events.rules)
[---] Disabled rules: [---]
2030614 - ET TROJAN Observed Malicious SSL Cert (Lazarus APT MalDoc DL 2020-07-30) (trojan.rules)
2030615 - ET TROJAN Observed Lazarus APT MalDoc DL Domain in TLS SNI (trojan.rules)
[---] Removed rules: [---]
2844060 - ETPRO ACTIVEX Suspicious Zipped Filename in Outbound POST Request (Recursive_Wallets/) M2 (activex.rules)